ARC is categorized experimental and, according to the linked documentation page, purely relies on the trust of the recipient into the sending intermediate domain. This boils down to whitelists and that got problems to become scalable.
Tampering with SPF/DKIM signatures is, in my perception, no longer technically viable. It will cause ever increasing problems with the increasing enforcement of SPF/DKIM checks to pass. Dirk proposed a stable option that is also as user friendly as it can technically be. It can also be used to protect the senders identity/email address. On Wed, 30 Oct 2024, 17:56 Dirk-Willem van Gulik, <di...@webweaving.org> wrote: > On 30 Oct 2024, at 17:43, Arnout Engelen <enge...@apache.org> wrote: > > .... > > If we keep the 'From', AFAICS we *have* to disable rewriting the > > `Reply-To`, right? Otherwise DKIM signatures will still be broken? > > > > In that case, how would you respond to the list? Would you have to > > type the list address each time? You mentioned in [1] that > .... > > I see only 2 solutions: > > > > 1) we could configure the list so that it changes the 'From' to the > > list address. That way the email is valid SPF-wise and could be signed > > with DKIM, since it's created on an apache.org <http://apache.org/> > mailserver. Ideally > > this would keep the original sender somewhere as well, such as in the > > Cc. > > 2) if this is not acceptable for some reason, perhaps we could > > implement ARC[3]. It seems to be designed for exactly this scenario, > > but I'm not sure how widely supported it is by receiving mailservers. > > A third one I see on some lists (e.g. in the IETF) is where the From is > indeed changed as per 1 - but with a personal twist; so it becomes > > Dirk-Willem van Gulik (via the ACME-Discuss Mailing list) > <acme-discuss-dirkx=webweaving....@some.fully.qdn.org> > or > Dirk-Willem van Gulik (via the ACME-Discuss Mailing list) > <acme-discuss-$gibber...@some.fully.qdn.org> > > where gibberish is something that is matched back. > > Dw >
